Darknet Blues

Alan Kilkenny heard the future in 1981, and it was good. "The Compact Digital Audio Disc is another step forward in an exciting new age of digitized sound," he enthused in the professional journal Studio Sound. "Sooner or later we can expect the link to the home to be digital as well, bringing live concerts into the home with alarming realism." The man who wrote

those prescient words was no wild-eyed cyber-visionary. He was a spokesman for the consumer electronics giant Sony, which had just developed the compact disc in partnership with Philips, the Dutch conglomerate that also owned PolyGram Records. The slogan that Philips and Sony devised for the new format pegged the music industry's rosy view of digital technology: "Perfect Sound Forever." By 1990, almost a billion CDs were sold every year.

More than 20 years and billions of downloads later, Kilkenny's new age is way behind schedule. Nearly 20 million Americans use high-speed broadband connections, but there's very little legally sanctioned music coursing through those millions of miles of fiber optics. While the record labels have made peace with the side of the high-tech world that can help them fight piracy, they're locked in a battle with Internet service providers, the broadband gatekeepers whose cooperation is key to the future of digitally delivered music.

Although the labels' ingrained caution ensures that change still happens at dial-up speed, MusicNet and Pressplay, both owned by the major labels, have finally been joined by a handful of independent online music vendors. AOL recently introduced a service that allows unlimited streaming and limited downloads for a monthly fee. Apple will soon sell online music to Mac users with enthusiastic support from the same labels so offended by the "Rip, Mix, Burn" ad campaign. These changes have come during a period of drastic retrenchment in the music industry, still reeling from 2002's dismal sales. Top management is fluid everywhere, and Recording Industry Association of America CEO Hilary Rosen, the public face of the industry's battle against downloaders, announced her resignation. Supposedly, she will be missed.

Rosen's announcement came the same week in January that the RIAA scored a key legal victory in its ongoing effort to dictate the terms of that culture shift. A federal judge ordered Verizon to reveal the identity of a broadband subscriber who the RIAA accuses of massive file-trading via Kazaa. Emboldened by the decision, the RIAA demanded the name of another alleged infringer in February. Verizon is frantically appealing, in anticipation of a firestorm of subpoenas. This week, Verizon lawyers are asking a judge to quash the second subpoena, arguing that by the time the appeal is heard, the RIAA will have demanded thousands of names.

While Verizon appeals, the case has become a bellwether of how assiduously Internet service providers need to protect the music industry's intellectual property. The Digital Millennium Copyright Act of 1998 gives the biz enormous leeway in pursuing pirates. Service providers are required to reveal the name of any subscriber suspected by a copyright holder of storing proscribed material on the service provider's network. Anonymous "John Doe" lawsuits are also authorized, an option those thus empowered have declined to exercise. "The subpoena power the entertainment industry has is unprecedented, at least on the federal level," says Fred von Lohmann, an attorney for the Electronic Frontier Foundation. "It's the kind of power normally reserved for law enforcement agencies."

The industry's problem is that the DMCA was designed for a pre-Napster world. Since peer-to-peer, the overwhelming majority of MP3s have been stored on personal hard drives, rather than on disks maintained by service providers. Verizon argues that the law doesn't require the company to violate the privacy of people who use Verizon's network only as a "pipeline." Why, Verizon lawyer Sarah Deutsch asks, doesn't the RIAA exploit the DMCA's 'John Doe' lawsuit provision? "I think they're afraid of accidentally suing a 12-year-old. But they want us to hand over hundreds of thousands of names, so they can take them to a private investigator, filter out the 12-year-olds and grandmothers, and find the most unsympathetic person."

"That's an unbelievable projection on Verizon's part," responds RIAA president Cary Sherman. "We want to deal with as many people as possible, some by suing them, some by warning them. Verizon is basically telling us they prefer we sue their customers, rather than warn them." But precedent supports Deutsch's suspicion. According to the fair use advocacy group Public Knowledge, Warner Bros. asked UUNet to cut off a subscriber with a "Harry Potter" file on his hard drive. It turned out to be a child's book report.

But as a referendum on the DMCA, the RIAA's lawsuit also addresses far broader issues of privacy and due process in the online world. Under the law, anyone who claims to be a wronged rights-holder can go to a service provider with someone's Internet protocol address (easily obtained in most file-sharing programs), and compel the provider, without a court order, to reveal that person's identity. In a strange accident of history, the way the courts interpret the DMCA could test the limits of online privacy in the new surveillance state almost as tellingly as the Patriot Act.

"It's a system that's ripe for abuse," says von Lohmann. "People who are identified receive no notice that that's how their name was discovered, so if a private investigator or a stalker gets your name and address, you won't know to go back and ask your ISP. It's an enormous risk to consumer privacy and anonymity. Even if this is what Congress intended, Congress acted unconstitutionally. Why should it be easier for the recording industry to violate your anonymity, with less cause, then anyone else?"

The record labels aren't relying solely on the courts. They've experimented with ways to "spoof" file-traders by flooding networks with bogus files. They've promoted legislation that would permit them to jam transmissions to and from a computer suspected of trading illicit files. And they've continued to turn colleges into online traffic cops. The University of Wyoming now stores a copy of everything that travels over its computer network, including e-mail. Arizona State University recently yanked the Internet privileges of an honors student who downloaded Animal House. "I don't think it's part of any educational institution's mission to teach students to steal," bristles Bob Kruger, enforcement chief for the Business Software Alliance, a trade group that partners with the RIAA to fight piracy. "That really pisses me off."

Senator Fritz Hollings of South Carolina is the unlikely matchmaker here. In an attempt to encourage the development of broadband entertainment by ending years of bickering between the entertainment and computer companies, Hollings introduced legislation in 2002 that gave the two industries a year to agree on anti-piracy measures or face government-mandated solutions. The scare tactic worked. In a move calculated to coincide with the new congressional session in January, the RIAA, BSA, and the Computer Systems Policy Project announced an agreement on "core principles" for their lobbying efforts. The record companies won't support any Hollings-style legislation, and the computer groups won't support legislative attempts to weaken the DMCA (there have been at least three so far).

The agreement creates some odd political alliances. When Napster was a hot issue, Republicans usually took the computer industry's side, while the music business, like Hollywood, has typically relied on the Democrats. But this agreement echoes the nearly identical principles of the Alliance for Digital Progress, a new lobbying group led by Fred McClure, a legislative adviser for Reagan and the first Bush who pulled major strings for John Ashcroft's nomination.

Strange bedfellows aside, what's most important about this agreement is who was invited to the table: the CSPP, comprising eight corporations with heavy interests in information technology, and the BSA, widely regarded as the political arm of Microsoft. In other words, the music industry is throwing in its lot with Big Software, another sign that anti-piracy protection and enforcement will remain its highest priority. This union with Big Software does make a certain amount of sense, given the software industry's innovative methods of fighting piracy of its own products, such as giving away programs that require payment for continued use after a certain date.

But the agreement pointedly excludes other parties who could help lure downloaders back into the marketplace. These include service providers, consumer electronics companies, Internet trade organizations that want the music industry to license its content to more online merchants, and consumer groups working to protect fair use. Needless to say, this disconnect has a long history. Last year, for example, Macintosh users were surprised to discover that playing Celine Dion's A New Day Has Come in a Mac CD drive made their computers blow up. Apple refused to provide tech support, ostensibly because the discs carried a label that warned they weren't playable on PCs or Macs. "Apple was essentially saying, 'If you stuck a tuna sandwich in your CD drive, we wouldn't fix it, because you fucked up,' " says Chris Murray of the Consumers Union. "They were trying to send a global message that they weren't going to bear the burden of an industry that was screwing the consumer." Its support of Apple's new online service notwithstanding, the music business still has trouble heeding this message. The March issue of Harper's reprints a hilariously unrepentant response from EMI to someone who wrote to complain that his new Toto CD wouldn't play on his computer or DVD player. It ended: "We will do everything in our power whether you like it or not."

Companies like Apple and Verizon believe they shouldn't be expected to police behavior that wouldn't need policing if there wasn't Prohibition out there. But what might such a world look like? Desperate to speed up the development of a vibrant online music business, Verizon is among the leaders in calling for a "compulsory license" for digital music, meaning the labels would essentially rent their catalogs to online agents, who would in turn afford their customers extensive and flexible access. Napster, for example, offered a deal worth $1 billion over five years, but was turned down before being sued out of existence. Von Lohmann calls compulsory licensing "one of the more ascendant ideas of 2003," and supports raising the money by placing a small tax on service providers, arguing that they're stable, mostly based in this country, and a natural site for a digital "turnstile." He thinks demand would be so strong that the industry could reasonably expect to see, at a minimum, the same profits it earned in 1997: "They say the Internet is eroding their traditional profitsfine, we'll guarantee them the profits they made before the Internet rained on their parade." Even if von Lohmann is overstating, consider that if the labels had accepted Napster's offer, their revenues from downloads over the past two years would be $400 million instead of pocket change.

If a broadband connection included access to a vast catalog of music, the number of subscribers would shoot up, driving down the cost of broadband while increasing the size of the pot. Many newspapers and magazines grant extensive free access to their content online while managing to impose certain limits, and TV and radio come both free and pay. Why can't similar plans be devised for content encoded as sound? Nielsen-like methods for tracking music downloads already in development could determine how revenues are divided. And none of this means that the record companies will stop selling CDs, or that the public will want them to.

Even the music industry's new allies in Big Software are suggesting it has to loosen up. In November, four senior engineers released a paper called "The Darknet and the Future of Content Distribution" (available at crypto.stanford.edu/DRM2002/darknet5.doc). It's less a technical report than a cogently articulated logical exercise. The authors argue that the "darknet"their term for all practices related to the underground sharing of digital contentis ultimately unstoppable. Therefore, embedding digital objects with tight security controls decreases their value and drives people back to the darknet, making copy protection not just "inherently ineffective," but also a "disincentive to legal commerce." Their conclusion: "A vendor will probably make more money selling unprotected objects than protected objects."

Like Alan Kilkenny two decades ago, the authors aren't wild-eyed cyber-visionaries. They all work for Microsoft. Alarming realism, indeed.